Paper 2024/2049

BBB Secure Arbitrary Length Tweak TBC from n-bit Block Ciphers

Arghya Bhattacharjee, University of Luxembourg, Luxembourg
Ritam Bhaumik, EPFL, Lausanne, Switzerland, Technology Innovation Institute, Abu Dhabi, United Arab Emirates
Nilanjan Datta, Institute for Advancing Intelligence, TCG-CREST, Kolkata, India
Avijit Dutta, Institute for Advancing Intelligence, TCG-CREST, Kolkata, India
Shibam Ghosh, INRIA, Paris, France
Sougata Mandal, Institute for Advancing Intelligence, TCG-CREST, Kolkata, India, Ramakrishna Mission Vivekananda Educational and Research Institute, Belur, India
Abstract

At FSE'15, Mennink introduced the concept of designing beyond-the-birthday-bound secure tweakable block ciphers from an ideal block cipher. He proposed two tweakable block ciphers $\widetilde{F}[1]$ and $\widetilde{F}[2]$ that accept an $n$-bit tweak using a block cipher with an $n$-bit key and $n$-bit data. Mennink proved that the constructions achieve security up to $2^{2n/3}$ and $2^n$ queries, respectively, assuming the underlying block cipher is ideal. Later, at ASIACRYPT'16, Wang et al. proposed a class of $32$ new tweakable block ciphers derived from $n$-bit ideal block ciphers that achieve optimal security, i.e., security up to $2^n$ queries. The designs proposed by both Mennink and Wang et al. admit only $n$-bit tweaks. At FSE'23, Shen and Standaert proposed a tweakable block cipher $\widetilde{G}2$ that accepts $2n$-bit tweaks and achieves security up to $2^n$ queries. Their construction uses three block cipher calls, which was shown to be optimal for beyond-birthday-bound secure tweakable block ciphers accepting $2n$-bit tweaks. In this paper, we extend this line of research and consider designing tweakable block ciphers supporting $3n$-bit tweaks from an ideal block cipher. First, we show that there is a generic birthday-bound distinguishing attack on any such design with three block cipher calls if any of the block cipher keys is tweak-independent. We then propose a tweakable block cipher $\widetilde{\textsf{G}}3^*$, which uses three block cipher calls with each key dependent on the tweak. We demonstrate that $\widetilde{\textsf{G}}3^*$ achieves security up to $2^{2n/3}$ queries. Furthermore, we extend this result and propose an optimally secure construction, dubbed $\widetilde{\textsf{G}}3$, that uses four ideal block cipher calls with only one tweak-dependent key.
Finally, we generalize this and propose an optimally secure tweakable block cipher $\widetilde{\textsf{G}}r$ that processes $rn$-bit tweaks using $(r+1)$ block cipher invocations with only one tweak-dependent block cipher key. Our experimental evaluation shows that ZMAC instantiated with $\widetilde{\textsf{G}}3$ and $\widetilde{\textsf{G}}4$ (i.e., $\widetilde{\textsf{G}}r$ with $r=4$) performs better than all existing ideal-cipher-based TBC candidates.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Tweakable Block Cipher, Optimal Security, Beyond Birthday Bound, Ideal Cipher Model, H-Coefficient Technique
Contact author(s)
bhattacharjeearghya29 @ gmail com
bhaumik ritam @ gmail com
nilanjan datta @ tcgcrest org
avirocks dutta13 @ gmail com
shibam ghosh @ inria fr
sougatamandal2014 @ gmail com
History
2025-03-03: revised
2024-12-19: received
Short URL
https://ia.cr/2024/2049
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/2049,
      author = {Arghya Bhattacharjee and Ritam Bhaumik and Nilanjan Datta and Avijit Dutta and Shibam Ghosh and Sougata Mandal},
      title = {{BBB} Secure Arbitrary Length Tweak {TBC} from n-bit Block Ciphers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/2049},
      year = {2024},
      url = {https://eprint.iacr.org/2024/2049}
}